#include "config.h"
#include <stdio.h>
+#include <stddef.h>
#include <sys/types.h>
#ifndef _WIN32
#include <openssl/bn.h>
#include <openssl/opensslv.h>
#include <openssl/pem.h>
-#include <openssl/md5.h>
+#include <openssl/sha.h>
#include <openssl/x509v3.h>
#ifdef _WIN32
/* https://www.openssl.org/docs/faq.html
*
* Function : host_to_hash
*
- * Description : Creates MD5 hash from host name. Host name is loaded
- * from structure csp and saved again into it.
+ * Description : Creates a sha256 hash from host name. The host name
+ * is taken from the csp structure and stored into it.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
*********************************************************************/
static int host_to_hash(struct client_state *csp)
{
- int ret = 0;
-
- memset(csp->http->hash_of_host, 0, sizeof(csp->http->hash_of_host));
- MD5((unsigned char *)csp->http->host, strlen(csp->http->host),
+ SHA256((unsigned char *)csp->http->host, strlen(csp->http->host),
csp->http->hash_of_host);
- /* Converting hash into string with hex */
- size_t i = 0;
- for (; i < 16; i++)
- {
- if ((ret = sprintf((char *)csp->http->hash_of_host_hex + 2 * i, "%02x",
- csp->http->hash_of_host[i])) < 0)
- {
- log_error(LOG_LEVEL_ERROR, "Sprintf return value: %d", ret);
- return -1;
- }
- }
+ return create_hexadecimal_hash_of_host(csp);
- return 0;
}
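Review bot: The return value of `SHA256()` on the new line is discarded, and the `memset()` that used to zero `hash_of_host` is gone with it; under OpenSSL 3.x the one-shot digest functions can return NULL when the digest cannot be fetched from a provider, in which case `hash_of_host` is left uninitialized and `create_hexadecimal_hash_of_host()` would happily encode garbage into the file name. The OpenSSL and wolfSSL backends in this same diff check their hash call, so this one should too: `if (SHA256((unsigned char *)csp->http->host, strlen(csp->http->host), csp->http->hash_of_host) == NULL) { log_error(LOG_LEVEL_ERROR, "SHA256() failed"); return -1; }`. Whether `hash_of_host_hex` is large enough for 2 * 32 + 1 bytes is not visible here; see the note on `HASH_OF_HOST_BUF_SIZE`.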
{
int ret = 0;
char* key_file_path;
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
BIGNUM *exp;
RSA *rsa;
+#endif
EVP_PKEY *key;
key_file_path = make_certs_path(csp->config->certificate_directory,
return 0;
}
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
exp = BN_new();
rsa = RSA_new();
key = EVP_PKEY_new();
ret = -1;
goto exit;
}
+#else
+ key = EVP_RSA_gen(RSA_KEYSIZE);
+ if (key == NULL)
+ {
+ log_error(LOG_LEVEL_ERROR, "EVP_RSA_gen() failed");
+ ret = -1;
+ goto exit;
+ }
+#endif
/*
* Exporting private key into file
/*
* Freeing used variables
*/
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
if (exp)
{
BN_free(exp);
{
RSA_free(rsa);
}
+#endif
if (key)
{
EVP_PKEY_free(key);
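Review bot: The new `#else` branch around `EVP_RSA_gen()` has no comment saying why the key generation is split by version, and the same `OPENSSL_VERSION_NUMBER < 0x30000000L` test now appears three times in one function (declarations, generation, cleanup). A one-line comment on the `#else`, e.g. `/* OpenSSL 3.0 deprecates the low-level RSA_*/BN_* API; EVP_RSA_gen() generates the key through EVP with the library's default public exponent. */`, would let the next reader drop the pre-3.0 branch safely later; presumably that default exponent matches what the removed `BN`/`RSA` path sets, but that code is outside this hunk and should be confirmed. The enclosing function starts and ends outside the hunk, so whether every `goto exit` before the generation block leaves `key` assigned cannot be checked from here.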
*/
#define CERT_INFO_BUF_SIZE 4096
#define ISSUER_NAME_BUF_SIZE 2048
-#define HASH_OF_HOST_BUF_SIZE 16
+#define HASH_OF_HOST_BUF_SIZE 32
#endif /* FEATURE_HTTPS_INSPECTION */
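Review bot: Doubling `HASH_OF_HOST_BUF_SIZE` to 32 also doubles the space the hex string in `hash_of_host_hex` needs (2 * 32 + 1 bytes including the terminator), but that buffer's declaration is not part of this diff; if it is still sized by its own literal for the old 16-byte MD5 digest rather than derived from this macro, the hex conversion loop in `create_hexadecimal_hash_of_host()` now writes past its end. Tying the two sizes together in a comment (or a derived macro) would make the dependency explicit: `/* Binary SHA-256 digest size; hash_of_host_hex must hold 2 * HASH_OF_HOST_BUF_SIZE + 1 bytes. */`.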
#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS
# include MBEDTLS_CONFIG_FILE
#endif
-#include "mbedtls/md5.h"
+#include "mbedtls/sha256.h"
#include "mbedtls/pem.h"
#include "mbedtls/base64.h"
#include "mbedtls/error.h"
*
* Function : host_to_hash
*
- * Description : Creates MD5 hash from host name. Host name is loaded
- * from structure csp and saved again into it.
+ * Description : Creates a sha256 hash from host name. The host name
+ * is taken from the csp structure and stored into it.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
*********************************************************************/
static int host_to_hash(struct client_state *csp)
{
- int ret = 0;
-
-#if !defined(MBEDTLS_MD5_C)
-#error mbedTLS needs to be compiled with md5 support
-#else
- memset(csp->http->hash_of_host, 0, sizeof(csp->http->hash_of_host));
- ret = mbedtls_md5_ret((unsigned char *)csp->http->host,
- strlen(csp->http->host), csp->http->hash_of_host);
- if (ret != 0)
- {
- log_error(LOG_LEVEL_ERROR,
- "Failed to generate md5 hash of host %s: %d",
- csp->http->host, ret);
- return -1;
- }
+ mbedtls_sha256((unsigned char *)csp->http->host,
+ strlen(csp->http->host), csp->http->hash_of_host, 0);
- /* Converting hash into string with hex */
- size_t i = 0;
- for (; i < 16; i++)
- {
- if ((ret = sprintf((char *)csp->http->hash_of_host_hex + 2 * i, "%02x",
- csp->http->hash_of_host[i])) < 0)
- {
- log_error(LOG_LEVEL_ERROR, "Sprintf return value: %d", ret);
- return -1;
- }
- }
+ return create_hexadecimal_hash_of_host(csp);
- return 0;
-#endif /* MBEDTLS_MD5_C */
}
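Review bot: The new `mbedtls_sha256()` call discards its result, whereas the removed `mbedtls_md5_ret()` call checked it and logged the failure; in mbedTLS 2.x `mbedtls_sha256()` is the deprecated void wrapper and `mbedtls_sha256_ret()` is the checked variant (the same API family the removed code used), and in mbedTLS 3.x `mbedtls_sha256()` itself returns an `int` that must be checked. The removed `MBEDTLS_MD5_C` compile-time guard was also dropped without an equivalent `MBEDTLS_SHA256_C` guard, so a build without SHA-256 support now fails with an obscure linker error instead of a clear `#error`. With the check restored the body would look like the lines below (on mbedTLS 3.x substitute `mbedtls_sha256()` for `mbedtls_sha256_ret()`).
```c
static int host_to_hash(struct client_state *csp)
{
   int ret;

#if !defined(MBEDTLS_SHA256_C)
#error mbedTLS needs to be compiled with sha256 support
#endif
   ret = mbedtls_sha256_ret((unsigned char *)csp->http->host,
      strlen(csp->http->host), csp->http->hash_of_host, 0);
   if (ret != 0)
   {
      log_error(LOG_LEVEL_ERROR,
         "Failed to generate sha256 hash of host %s: %d",
         csp->http->host, ret);
      return -1;
   }

   return create_hexadecimal_hash_of_host(csp);
}
```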
/*********************************************************************
return 0;
}
+
+
+/*********************************************************************
+ *
+ * Function : create_hexadecimal_hash_of_host
+ *
+ * Description : Converts the binary hash of a host into a
+ * hexadecimal string.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : -1 => Error while creating hash
+ * 0 => Hash created successfully
+ *
+ *********************************************************************/
+int create_hexadecimal_hash_of_host(struct client_state *csp)
+{
+ int i;
+ int ret;
+
+ for (i = 0; i < HASH_OF_HOST_BUF_SIZE; i++)
+ {
+ ret = sprintf((char *)csp->http->hash_of_host_hex + 2 * i, "%02x",
+ csp->http->hash_of_host[i]);
+ if (ret < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "sprintf() return value: %d", ret);
+ return -1;
+ }
+ }
+
+ return 0;
+
+}
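Review bot: The loop in `create_hexadecimal_hash_of_host()` writes with unbounded `sprintf()` into `hash_of_host_hex`, so nothing in the function relates the 2 * `HASH_OF_HOST_BUF_SIZE` + 1 bytes it produces to the buffer's actual size; the wolfSSL code this diff removes already did the bounded version with `snprintf()` and `sizeof(csp->http->hash_of_host_hex) - 2 * i`, which confirms the field is an array and that `sizeof` is usable here. Since the function is now the single shared implementation for three TLS backends, a mismatch between the digest size and the hex buffer would silently corrupt the `csp->http` struct, so the bounded form with a truncation check is worth carrying over. The `ret < 0` test alone does not detect truncation, because `snprintf()` reports that with a non-negative return greater than or equal to the remaining size.
```c
   for (i = 0; i < HASH_OF_HOST_BUF_SIZE; i++)
   {
      size_t remaining = sizeof(csp->http->hash_of_host_hex) - 2 * i;

      ret = snprintf((char *)csp->http->hash_of_host_hex + 2 * i,
         remaining, "%02x", csp->http->hash_of_host[i]);
      if (ret < 0 || (size_t)ret >= remaining)
      {
         log_error(LOG_LEVEL_ERROR,
            "snprintf() failed or truncated. Return value: %d", ret);
         return -1;
      }
   }
   // … unchanged: return 0 …
```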
extern int get_certificate_valid_from_date(char *buffer, size_t buffer_size, const char *fmt);
extern int get_certificate_valid_to_date(char *buffer, size_t buffer_size, const char *fmt);
extern int enforce_sane_certificate_state(const char *certificate, const char *key);
+extern int create_hexadecimal_hash_of_host(struct client_state *csp);
#endif /* ndef SSL_COMMON_H_INCLUDED */
*
* Function : host_to_hash
*
- * Description : Creates MD5 hash from host name. Host name is loaded
- * from structure csp and saved again into it.
+ * Description : Creates a sha256 hash from host name. The host name
+ * is taken from the csp structure and stored into it.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
*********************************************************************/
static int host_to_hash(struct client_state *csp)
{
- wc_Md5 md5;
int ret;
- size_t i;
- ret = wc_InitMd5(&md5);
+ ret = wc_Sha256Hash((const byte *)csp->http->host,
+ (word32)strlen(csp->http->host), (byte *)csp->http->hash_of_host);
if (ret != 0)
{
- return -1;
- }
-
- ret = wc_Md5Update(&md5, (const byte *)csp->http->host,
- (word32)strlen(csp->http->host));
- if (ret != 0)
- {
- return -1;
+ return -1;
}
- ret = wc_Md5Final(&md5, csp->http->hash_of_host);
- if (ret != 0)
- {
- return -1;
- }
+ return create_hexadecimal_hash_of_host(csp);
- wc_Md5Free(&md5);
-
- /* Converting hash into string with hex */
- for (i = 0; i < 16; i++)
- {
- ret = snprintf((char *)csp->http->hash_of_host_hex + 2 * i,
- sizeof(csp->http->hash_of_host_hex) - 2 * i,
- "%02x", csp->http->hash_of_host[i]);
- if (ret < 0)
- {
- log_error(LOG_LEVEL_ERROR, "sprintf() failed. Return value: %d", ret);
- return -1;
- }
- }
-
- return 0;
}
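Review bot: A failing `wc_Sha256Hash()` makes `host_to_hash()` return -1 without any diagnostic, while the OpenSSL and mbedTLS backends touched by this same diff report the failure through `log_error()` before returning; the removed wolfSSL code was silent too, so this is a consistency point rather than a regression. Adding `log_error(LOG_LEVEL_ERROR, "wc_Sha256Hash() failed: %d", ret);` inside the `if (ret != 0)` block would make a hashing failure distinguishable from the other reasons the caller sees -1. The `(byte *)` cast on `hash_of_host` suggests the field is `unsigned char`, which presumably matches wolfSSL's `byte` typedef — worth confirming against the struct definition, which is not in this diff.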